On July 26, 2016, responding to rising cyber attacks and public criticism, the federal government issued a Presidential Policy Directive (PPD-41) to clarify the role of law enforcement agencies, increase coordination across the government, and divide cybersecurity efforts into three categories: asset response, threat response, and intelligence support. PPD-41 outlines five key principles for the federal government and federal agencies to follow in complying with the “whole-government” approach to cybersecurity. Although the initiative is directed at the federal government and sector-specific agencies, private entities are also likely to be affected and are instructed on the best practice for cyber incident reporting.
PPD-41 emphasizes unity in the government’s response to cybersecurity incidents and outlines five guiding principles. In structuring incident reporting and protection mechanisms, the government seeks to emphasize shared responsibility, increased awareness, risk-based responses, respect for entities affected by the incident, unity in governmental efforts in responding to an incident, and effective restoration and recovery following a cybersecurity breach. In distributing the responsibilities of cybersecurity, the government designates specific agencies to take charge of the three categories of protection. The Department of Homeland Security (DHS) will lead asset response activities and post-breach recovery needs, the Department of Justice (DOJ), in collaboration with the FBI, will be in charge of threat response, and the Office of the Director of National Intelligence (ODNI) will head intelligence support.